Vectra-AI

Version : Vectra AI

Vectra is an AI-driven threat detection and response platform. The Cognito platform uses artificial intelligence to reveal a single in-progress cyberattack on hosts and predicts the potential spread of the attack in real time.

Netsurion Open XDR helps to monitor events from Vectra AI. Its dashboard, alerts and reports will keep you informed about attacks, suspicious host accounts and audit activities.

Alerts are triggered whenever a user login failure occurs, which helps to detect brute-force attacks.

Netsurion Data Source Integrations for Vectra AI allow you to monitor the following components:

  • Security – Login failures, Threat detected, Suspicious account detected, Account lockdown
  • Operation – Audit activities
  • Compliance – Successful Logins

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Vectra – Login failed | This alert is generated when a user fails to log in. |
| Security | Vectra – Threat detected | This alert is generated when any threat is detected on the system. |
| Security | Vectra – Suspicious account detected | This alert is generated when any suspicious account is detected. |
| Security | Vectra – Account lockdown | This alert is generated when any account lockdown activity is detected. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Vectra – Login Failed | This report gives information about failed logins detected by Vectra AI. It contains details of the username, user privilege, source IP and details of failed login attempts, which will be useful for investigation. |
| Security | Vectra – Threat Detected | This report gives information about the threats detected by Vectra AI. It contains details of the threat name, its category, threat and certainty score and system information, which will be useful for investigation. |
| Security | Vectra – Host Score | This report gives information about the host scoring detected by Vectra AI. It contains details of the host, threat score and certainty score, and system details, which will be helpful to investigate the host and its activities. |
| Security | Vectra – Account Score | This report gives information about account scoring logs detected by Vectra AI. It contains details of the account, system, threat and certainty score of the log, which can be useful for investigating the cause. |
| Security | Vectra – Account Lockdown | This report gives information about account lockdown detected by Vectra AI. It contains details of the account, username and the system that has been locked down, which can be useful for investigation. |
| Operations | Vectra – Audit Activities | This report gives information about audit activities detected by Vectra AI. It contains the username, user privilege and other system details to keep track of all the audit activities performed. |
| Compliance | Vectra – Login Success | This report gives information about successful logins detected by Vectra AI. It contains the username, user privilege, source IP and other details of successful logins to keep track of users accessing the system. |

Documentation:

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Vectra AI.

Download the Integration Guide and How-to Guide for configuration instructions and more information.